Re: CRIME Laptops w/build-in wireless

From: Zot O'Connor (zot@private)
Date: Fri Aug 08 2003 - 11:02:24 PDT

    On Wed, 2003-08-06 at 16:38, Daggett, Steve wrote:
    
    >   Now, I know that running an open access point is like hanging a hot
    > Ethernet jack on the outside of the building, and that WEP is almost
    > useless.  But what about wireless laptops?  Do they present the same threat?
    > Physically, these things become bridges if they're plugged into the internal
    > network while the wireless is hot.  
    
    The problem is that most Windows wireless systems (and now Linux) are
    set to connect to the strongest signal by default.
    
    So I would not be surprised that an out of box laptop connected to a
    random access point.
    
    This is worrisome in general since someone could be plugged into your
    network, and the foreign AP, thus creating a bridgeable point.  Most
    systems will not forward packets by default, but if I can own your
    system, I can own your network.
    
    How to prevent this:
    
    1)  Remove the wireless cards.  100% effective for the out of the box
    solution.  Does not help with anyone previously having a card, or adding
    a card.
    
    2)  Disable the networking config, or set it to something hardened. 
    This still lets hostiles see a point, but it is harder to gain network
    access.  But reinstall something, or upgrade a driver, and it may get
    reset.
    
    3)  Set up a fake access point to a nasty screen about trespassing,
    company rules, etc.  This is pretty damn effective.  It is like a
    honeypot.  It should ensure that local laptops grab it first.  If
    someone does surf on it, they find a no man's land, and words of
    wisdom.  The only thing this will not help is a pre-set WLAN, oh like
    T-Mobile, when there is a Starbucks nearby.  Although the noise from your
    system should make it harder to get to Starbucks.  The other issue is
    when the techs open a backdoor to the web site to the company
    network....  Of course clever people could probably peer-peer on this.
    
    
    #1 is the best.
    #2 works when #1 cannot be done (you need wireless somewhere).
    #3 requires cheap hardware (APs, redirector, and web server), but
    combined with an IDS could assist you with tracking offenders down. 
    This might be useful to catch people who are running wireless
    devices.  A little auto-portscanning, and SMB sniffing and you should be
    able to find the person(s).  And if you do see hostile activity, it is
    fuel for the banning or hardening of the wireless networks in your
    building.
    
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
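
The dual-homed condition discussed in this thread (wired link and wireless link up at once, with or without packet forwarding) can be checked on a Linux laptop from sysfs and procfs. The script below is an added example, not part of the original post; the function names and the sample tree are constructed for illustration, and only IPv4 forwarding is examined.

```python
import os
import tempfile

def _read(path, default=""):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:          # missing file, or EINVAL from 'carrier' on a downed NIC
        return default

def audit_dual_homing(root="/"):
    """Report whether this host has wired and wireless links up at once."""
    net = os.path.join(root, "sys/class/net")
    wired, wireless, bridged = [], [], []
    for name in sorted(os.listdir(net)):
        base = os.path.join(net, name)
        has = lambda entry: os.path.exists(os.path.join(base, entry))
        # Physical NICs expose a 'device' link; loopback, bridges and veth do not.
        if not has("device") or _read(os.path.join(base, "carrier")) != "1":
            continue
        # 'phy80211' (cfg80211) or 'wireless' (wext) marks an 802.11 interface.
        (wireless if has("phy80211") or has("wireless") else wired).append(name)
        if has("brport"):    # interface is enslaved to a software bridge
            bridged.append(name)
    forwarding = _read(os.path.join(root, "proc/sys/net/ipv4/ip_forward"), "0") == "1"
    dual = bool(wired and wireless)
    # Forwarding or a bridge port makes a dual-homed host a path between the networks.
    return {"wired_up": wired, "wireless_up": wireless, "dual_homed": dual,
            "forwarding_path": dual and (forwarding or bool(bridged))}

def make_sample_tree(root, ifaces, ip_forward="0"):
    """Build a constructed sysfs/procfs tree: ifaces maps name -> list of entries."""
    for name, entries in ifaces.items():
        base = os.path.join(root, "sys/class/net", name)
        os.makedirs(base)
        for entry in entries:            # e.g. "device", "phy80211", "carrier=1"
            key, _, value = entry.partition("=")
            with open(os.path.join(base, key), "w") as fh:
                fh.write(value + "\n")
    os.makedirs(os.path.join(root, "proc/sys/net/ipv4"))
    with open(os.path.join(root, "proc/sys/net/ipv4/ip_forward"), "w") as fh:
        fh.write(ip_forward + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:   # constructed laptop: eth0 and wlan0 both linked
        make_sample_tree(tmp, {"lo": ["carrier=1"],
                               "eth0": ["device", "carrier=1"],
                               "wlan0": ["device", "phy80211", "carrier=1"]})
        print(audit_dual_homing(tmp))
```

Run with no arguments to `audit_dual_homing()` on a real host, it reads the live `/sys` and `/proc`; a `dual_homed` result of `True` is the case the thread warns about even when `forwarding_path` is `False`.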
    



    This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 11:37:59 PDT